Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/kLiTIZ2If919dVVhzojFnRKcjWY.roa
File:                     kLiTIZ2If919dVVhzojFnRKcjWY.roa (raw, json)
Hash identifier:          gTGQxeqsPgxeOl1tDhUDDSBVF0nFKcDzKG4boIHSzpA=
Subject key identifier:   90:B8:93:21:9D:88:7F:DD:7D:75:55:61:CE:88:C5:9D:12:9C:8D:66
Certificate issuer:       /CN=00775d9471b85d963fef6d283590e2d942dd5c21
Certificate serial:       01941FFA4C3232E45F38E7583133209A4DF8
Authority key identifier: 00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/kLiTIZ2If919dVVhzojFnRKcjWY.roa
Signing time:             Wed 01 Jan 2025 03:48:04 +0000
ROA not before:           Wed 01 Jan 2025 03:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24631
IP address blocks:        87.107.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 11:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:4c:32:32:e4:5f:38:e7:58:31:33:20:9a:4d:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00775d9471b85d963fef6d283590e2d942dd5c21
        Validity
            Not Before: Jan  1 03:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=90b893219d887fdd7d755561ce88c59d129c8d66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:5f:97:f3:d3:48:21:04:52:25:e7:c0:be:66:
                    60:3b:bc:ca:3f:68:ab:09:d3:8b:0e:a4:b5:19:6c:
                    6f:1a:e0:93:cc:88:6e:eb:fb:db:4e:5e:05:90:1f:
                    e4:17:5a:44:19:b8:16:b2:e7:3a:87:1b:56:df:e3:
                    54:28:5f:22:b3:7f:eb:fc:a7:84:a9:26:b1:4f:ad:
                    fc:03:13:7f:53:ef:e9:92:a4:67:5a:dc:49:a7:22:
                    37:13:45:f5:65:22:ab:34:f7:72:18:f3:15:fa:4b:
                    f6:e8:d6:92:7e:c0:93:a0:49:bc:11:e1:f9:7a:6d:
                    fb:23:7a:83:1d:3c:79:6a:f2:27:a4:68:ed:d0:78:
                    ef:1e:9a:81:a1:66:73:cd:4c:cc:12:f8:3e:06:d1:
                    7f:a5:51:d5:39:4b:11:92:45:75:36:bb:fd:2e:b6:
                    f7:b9:ae:53:1e:18:c8:56:b2:b8:83:07:2e:fb:45:
                    31:87:42:e1:ee:68:96:22:67:de:a6:83:cd:37:e1:
                    ac:59:4a:6f:80:4d:a4:e3:79:ff:c0:21:d8:86:9f:
                    c0:3b:6e:50:38:c3:61:df:02:35:a2:53:27:9f:b0:
                    f8:e7:e1:ef:63:de:ca:6b:c2:78:8e:9f:d2:88:a7:
                    b9:ce:98:d4:38:bf:c8:85:21:c5:66:6e:0e:48:3e:
                    44:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:B8:93:21:9D:88:7F:DD:7D:75:55:61:CE:88:C5:9D:12:9C:8D:66
            X509v3 Authority Key Identifier:
                keyid:00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/kLiTIZ2If919dVVhzojFnRKcjWY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.107.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:25:17:06:09:f4:72:11:8f:7e:66:1d:b5:b6:4f:29:4a:31:
         0b:af:32:f1:56:1f:9e:4d:c4:66:2d:8b:55:65:37:10:2c:5c:
         41:84:23:6a:6d:74:52:d5:69:96:54:e6:ab:5e:76:35:cb:c6:
         01:62:4d:04:9a:3e:78:a0:e5:af:f6:a1:dc:b6:c2:4d:78:84:
         b7:0f:fc:80:09:91:5c:57:09:db:9e:d2:ae:72:6a:04:53:18:
         a6:b4:60:d9:f3:0b:c7:11:85:16:5d:d0:6e:04:0a:9a:55:9a:
         29:78:64:7f:69:a0:e3:13:cb:ad:fa:be:38:aa:39:c7:76:54:
         86:7a:d0:eb:6a:0e:76:a1:18:87:59:3a:f7:51:c4:dd:f8:29:
         49:b7:d7:74:28:c7:e6:c8:3b:d9:34:6d:7e:e1:1d:5c:5a:30:
         09:cb:f5:00:35:80:42:ce:d7:14:b2:b2:8e:ab:10:49:6f:0a:
         50:a6:88:6c:39:bd:3c:2f:96:4e:ac:95:65:7a:4c:86:bf:cc:
         2e:6f:52:e2:dc:62:05:71:64:44:17:e7:03:11:5a:38:6a:f8:
         da:76:d1:2f:75:f1:f4:60:79:8d:28:8e:f4:42:00:18:f7:be:
         70:98:cc:71:dc:52:0d:ea:50:32:46:55:50:c9:4a:dd:f3:91:
         d3:ff:48:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+kwyMuRfOOdYMTMgmk34MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNzc1ZDk0NzFiODVkOTYzZmVmNmQyODM1OTBlMmQ5NDJk
ZDVjMjEwHhcNMjUwMTAxMDM0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGI4OTMyMTlkODg3ZmRkN2Q3NTU1NjFjZTg4YzU5ZDEyOWM4ZDY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtV+X89NIIQRSJefAvmZgO7zKP2ir
CdOLDqS1GWxvGuCTzIhu6/vbTl4FkB/kF1pEGbgWsuc6hxtW3+NUKF8is3/r/KeE
qSaxT638AxN/U+/pkqRnWtxJpyI3E0X1ZSKrNPdyGPMV+kv26NaSfsCToEm8EeH5
em37I3qDHTx5avInpGjt0HjvHpqBoWZzzUzMEvg+BtF/pVHVOUsRkkV1Nrv9Lrb3
ua5THhjIVrK4gwcu+0Uxh0Lh7miWImfepoPNN+GsWUpvgE2k43n/wCHYhp/AO25Q
OMNh3wI1olMnn7D45+HvY97Ka8J4jp/SiKe5zpjUOL/IhSHFZm4OSD5EIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJC4kyGdiH/dfXVVYc6IxZ0SnI1mMB8GA1UdIwQY
MBaAFAB3XZRxuF2WP+9tKDWQ4tlC3VwhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQt
NzZiMzNlNGNlODIxLzEva0xpVElaMklmOTE5ZFZWaHpvakZuUktjaldZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQtNzZiMzNlNGNlODIx
LzEvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV2tmMA0G
CSqGSIb3DQEBCwUAA4IBAQA2JRcGCfRyEY9+Zh21tk8pSjELrzLxVh+eTcRmLYtV
ZTcQLFxBhCNqbXRS1WmWVOarXnY1y8YBYk0Emj54oOWv9qHctsJNeIS3D/yACZFc
VwnbntKucmoEUximtGDZ8wvHEYUWXdBuBAqaVZopeGR/aaDjE8ut+r44qjnHdlSG
etDrag52oRiHWTr3UcTd+ClJt9d0KMfmyDvZNG1+4R1cWjAJy/UANYBCztcUsrKO
qxBJbwpQpohsOb08L5ZOrJVlekyGv8wub1Li3GIFcWREF+cDEVo4avjadtEvdfH0
YHmNKI70QgAY975wmMxx3FIN6lAyRlVQyUrd85HT/0jx
-----END CERTIFICATE-----